Why choose Compliance Aspekte for TISAX® implementation
End-to-end consultancy
Our team of consultants provides full support on TISAX® implementation and is ready to guide you through all aspects of our product operation.
One solution for multiple standards
Compliance Aspekte allows you to manage multiple standards (ISO/SAE 21434, TISAX®, ASPICE®, KGAS, ISO 27001, ISO 9001, BSI IT-Grundschutz, B3S, GDPR and others) within a single system, so you can share effort across them and understand dependencies, current statuses, and other aspects.
Granular TISAX® requirements display
The TISAX® requirements can be assessed separately. This helps to make the evaluation easier and more transparent and crucially simplifies the decision-making process regarding the maturity level.
PDCA cycle support
Our tool supports TISAX® certification and a PDCA cycle, so it can help you get certified and continuously improve your ISMS.
Fully implemented new catalog
It contains the requirements from the spreadsheets “Information Security,” “Data Protection,” and “Prototype Protection” grouped in corresponding modules.
Each requirement/control question is assessed by assigning levels of maturity.
Visibility of each requirement's criticality and implementation status
This feature simplifies control question responses by displaying implemented requirements and providing detailed information, including responsible persons, documents, tasks, and added notes.
Requirements can be supported through tasks or individual controls, and self-assessment is also an option.
Discover TISAX® VDA Dashboards: Excel-Like Experience
The green line visualizes the target maturity levels per chapter. To prepare for a TISAX® assessment, your maturity levels in the blue section should be at or above this line.
Your organization is ready for the TISAX® assessment if your result score (“Result with cutback to target maturity levels”) is close to ‘3.0’.
For the TISAX® certification, you need to conduct a self-assessment based on the ISA by determining whether your ISMS matches the expected maturity level in the “Information Security Assessment” tabs.
Compliance Aspekte dashboard rates the maturity level of your information security management system per question.
Testimonials
We were new to compliance and ISO 27001 implementation and had to go through the sophisticated certification process. Puzzled by the regulatory complexity, we wanted to find the best way for us to get started. Our project manager (aka security officer) had never worked with such compliance aspects and rules before. So we decided to get third-party assistance and signed up with Compliance Aspekte. Their guided approach has played a vital role for us. They had all the detailed explanations for compliance checks and risk analyses, including suggestions on how to handle it practically.
One of the features we like best about Compliance Aspekte is its streamlined compliance process. At every stage during the security management lifecycle process, recurring tasks like scoping, structural analysis, modeling, and even tracking risks and controls are supported by a variety of features, e.g. mapping controls with multiple requirements, assigning individual assets to different scopes as well as expanding requirement and control catalogs. Having Helga, the compliance assistance bot, is also a very special plus as she can explain terms and provides guidance through the application. We really love and live Compliance Aspekte!
Compliance Aspekte is very user-friendly and customization is easy. We can conduct ISO compliance, and data protection…we can make anything we want in one tool. And this is the only tool with which it is possible. It helps us to keep the data consistent and simplify audits. The Compliance Aspekte tool is better than the existing competitors on the market and at the same time cheaper.
Closer look at how TISAX® Assessment works
TISAX incorporates significant aspects of ISO 27001 with additional criteria applicable to the automotive industry, i.e., prototype protection. The assessments are shared on the TISAX® VDA ISA catalog, granting transparency and simplicity to all the companies involved. They can select an audit provider and get standardized ISA results that other participants in the automotive industry accept.
TISAX® assessment levels and protection needs
TISAX® defines three assessment levels and three levels of protection: normal, high, and very high.
TISAX® assessment level 1 – normal protection need. It is not used in TISAX® but can be implemented for internal purposes in the true sense of a self-assessment. An assessor checks if a completed self-assessment exists but does not examine its content. Your partner can request a self-evaluation outside of TISAX®.
TISAX® assessment level 2 – high protection need. An audit organization carries out the evaluation using the self-assessment as a basis, together with documents and a phone interview.
TISAX® assessment level 3 – very high protection need. An independent audit company does the assessment based on documentation and an onsite audit.
Why should organizations implement TISAX®?
- Establishing credibility as a trusted partner for OEM manufacturers and suppliers.
- Streamlining processes, saving both time and budget by eliminating multiple information security assessments.
- Mitigating risk through the implementation of an effective risk management system.
- Enhancing collaboration opportunities and driving sales growth.
- Leveraging a unified standard for information security, aligning with automotive industry requirements.
- Assessing the maturity of information security controls within the company.
- Heightening employee awareness of information security practices.
5 steps to TISAX® certification
- Step 1: Learn. Get to know the TISAX® requirements.
- Step 2: Get ready. To gain access to the TISAX® portal, companies need to register as participants on the official TISAX® ENX association website. Choose your auditing body and prepare for the audit. Conduct a self-assessment to measure your compliance and readiness.
- Step 3: Assess. The way an audit is conducted depends on whether you qualify for a Level 2 or Level 3 assessment. Level 2 audits are done remotely, while Level 3 audits require onsite inspections. The audit consists of a document review, interviews, and clarification of possible findings and may include the following steps.
- Step 4: Share your results. After you decide which ENX participants to share your ISA results with, the audit provider will upload a TISAX® report to the platform.
- Step 5: Improve. A corrective action plan (CAP) must be prepared and submitted to the audit provider to resolve gaps revealed during the assessment. Afterward, the CAP is evaluated through a follow-up and completes the TISAX® report.
FAQ
The abbreviation stands for Trusted Information Security Assessment Exchange. It’s an industry-specific information security standard for the automotive sector managed by the ENX Association on behalf of the VDA, the German Automobile Industry Association.
TISAX is based on the essential requirements of ISO 27001, the internationally recognized standard for information security, and adapted solely for the automotive sector. ISO 27001 is applicable across all industries and depicts requirements, rules, and methods for ensuring information security within a company.
TISAX® is not an obligatory certification. However, it is required and recognized by all the German Automotive Industry Association (VDA) members and original equipment manufacturers such as BMW, Audi, and Volkswagen. Therefore, the TISAX® certification is recommended for companies that want to operate in the automotive sector successfully.
This standard is a trademark of the ENX Association based in Frankfurt am Main, Germany, and Paris, France. The association includes automobile manufacturers, suppliers, and other national automotive associations. The main objective of the ENX Association is to facilitate and streamline secure and reliable collaboration over industrial value-added networks. That’s why it scrutinizes the quality of the implementation and gives approval to assessment service providers according to a rigorous procedure.
Here are a few reasons why a software tool might be better for TISAX® compliance management:
- Excel might be a cumbersome tool for handling data protection, governance, and risk management. It does not provide a bird’s-eye view of all the compliance activities in your organization, as spreadsheets require a lot of manual input and usually exist in silos apart from one another.
- In Excel, you have to make changes manually in several places, as they are not carried over automatically.
- Excel spreadsheets are not secure. They can be located in different shared folders, and multiple people can access and use them.
- It’s almost impossible to work in Excel conveniently when multiple people are involved.
With a special compliance tool in place, you will be spared all the inconveniences and multiple issues you have when working with Excel.
The TISAX® standard takes its origin from ISO 27001. It also uses ISO 27001 information security controls that define how requirements must be implemented.
First and foremost, TISAX® provides you with better information security and transparency. This certification is recognized by world-famous automotive companies such as Volkswagen, BMW, and Audi.
Sure. We have the necessary knowledge of the automotive industry and hands-on experience in ISMS implementation for TISAX® audit consulting. In addition to our compliance tool, our authorized ISMS experts will accurately assess your company’s level of preparedness for an official TISAX® assessment.
TISAX® is a registered trademark of the ENX Association. Infopulse GmbH has no business relationship with ENX. Mentioning the TISAX® brand does not imply any statement by the brand owner on the suitability of the services advertised here.
Effective and easy-to-use IT security management system based on the latest standards and regulations — from planning and establishing the security concept to certification.